No. You don't. The rules you're quoting say nothing about spoofing the master made, just spoofing the access ID of the master node

Here's the classic example from http://forums.dumpshock.com/index.php?s=&a...st&p=804857 trimmed down to just Slamm-O!'s actions.

I think you are mostly right.
I believe you must Sniff the Master Node's signal for the Master Node's Access ID. Then, you use the Spoof program to send a command to the Slave system. The Spoof program convinces the slave that the command came from The Master. But, each time you want to send a command, you must fool the system again. Because you haven't hacked it. You are just using The Master's AID.

Like the scene in Terminator 2. The T1000 (the hacker) used John's (the slave) Foster Mother's (the master) voice to convince John to come home (spoofing a command). But, the T800 (John's Firewall) realizes it's a fake and John ignores the command.

The problem is that he cannot Directly Spoof the Drone if it is SLAVED to the Master Node, which in the scenario above is not stated. For him to spoof orders to the Drone, in general, he must have the AID of the Connected Subscription from which it is receiving commands. In the case of a Master-Slave Scenario, the only way in is through the Master Node, whcih is not the case in the example that you used. The Drone is not SLAVED to the Rigger, the Rigger just has a Subsrciption to it.

I would have the Drone Slaved, personally, but it is NOT required.

You MUST know about the Slaves available before you can command them, since you cannot tell if the node you are in is Master or not without actually observing its connections. You are not notified when you are forwarded from an attempted Connection with a Slave, because all you see IS THE MASTER. You need to analyze the Node to discover any Slaves present. This is why you need to Spoof access to the Master.

How would you send a spoofed command to a Slaved Node that you don't have an AID for? Without two AIDs, you can't communicate.

You do not need the AID of a Slaved Node, you need its Master's AID. You still have to Spoof the Slaved Node (Using the AID of the Master; but as long as it accepts the Master's AID, it will do what it is told to do) of course. The Slaved node is already accepting commands from the Master, and you do need to know of the Slaved Nodes Presence (Using Analyze, of course), but once you have found the Slave, all you need to do is convince it that you are the Master Node.

Slave or not in no way matters in the example provided (assuming that the rigger is the master, which she would have to be to operate the drone). Since you are trying to break into the slave, knowledge of the slave seems to be an already established fact, so there is no need to spoof access to the master (which isn't a thing).

The spoof program is basically identical to the command program in all respects except one, which is that instead of giving your own Access ID, you can give any Access ID you feel like. So, if something will happen when a command is sent from access ID X, then it will happen if a spoofed command is sent to look like it is from access ID X. Access to the Master is in no way required for this. Now, finding what slaves a device might have, that is an entirely different matter.


Well, technically an Access ID isn't required for communication. I can go "Okay, I want to connect to that node right there." without actually figuring out what its access ID is. Kind of like how you can connect to dumpshock without knowing its IP address.

Of course he can.

Do we agree that he can directly spoof the drone if it's NOT slaved. If so, can you show me where a slave connection makes it unable to be directly spoofed because the rules you're quoting only require the access ID of the master node, something Slamm-O! already has from his Trace User.

I can't find that rule anywhere. Actually, I can't even find "Connected Subscription" in the rules. Do subscriptions even have Access IDs?

Not unless it's a wired connection.

I think he meant the access ID of the device it is connected to through the subscription, which the example provided has.

The rules say you can. They say exactly and without quesiton that you can, because it's one of THREE, not FOUR, ways you can control a device that is slaved to a commlink that isn't yours.

pg. 55 Unwired

Hey, when faced with a slaved node, you also have the option of ignoring it. You also have the option of convincing the owner of the master node to do stuff for you. You have plenty of options that aren't listed, or are you saying that those things magically aren't options? That if you find a slaved node you must hack into it because ignoring it isn't an option?

My team's technomacer with her Black Hat Paragon has to.
One of these days she'll get those 3 hits. Well, one of these days she'll try to.

remember, the slave node is still part of the adhoc network matrix system.

It receives your 'packet' checks to see if your AccessID matches the one of it's master.
Yes: Do what you tell it to
No: Forward request to Master

It is possible btw, to edit the AccessID of your commlink, via a hardware modification, or a computer+edit roll. If you made your accessID the same, then you could hack the node. Especially if you jammed the other commlink's signal.

Think of AccessID as a MAC address.

Isn't there something preventing two devices with the same access ID from being around at the same time? I mean, I'm sure you could override it, but it would cause all kinds of problems, wouldn't it? I mean, you'd get everything that was intended for the other ID: Phone calls, matrix connections, even data requests by the original device. The other person would also quickly notice anything you're up to, because anything sent to your device would also be sent to theirs.

Isn't that exactly what Spoofing is?

No.

The protocol says DON'T DO IT so programmers don't do it and hackers do. There's no law of physics or game rules that prevents it as far as I'm aware of. Access IDs aren't particularly secure.
Define "problems"....
That may meet your definition of problem. Not mine.

Why would I have anything sent to that access ID I don't want the other person to see?

TJ, yeah, I wasn't thinking of broadcasting. You are right, as long as I have the master's AID, any slaved nodes that can get my spoofed command will try and perform it. Now, there is risk of being found out quicker if I don't specify only one slave and the other slaves can't perform the action. But yeah, if I broadcast with the right AID, then I don't need to know any of the slaved nodes's AIDs.

Ghost, I'm not sure that I can just pick a slaved node, though. That's just software abstraction that allows you to pick. Just like dumpshock, I may not know the IP, but the IP has to be connected to dumpshock. My impression is that a slaved node does not appear anywhere, as all traffic gets forwarded to the master. Now, that may be a way to figure out a node is slaved, as I could be looking at a comm 3 feet away and try to connect to it and find my traffic is travelling to a comm that is 30 feet away. Again, the way I am reading slaves is that once the node is slaved, it disappears (wirelessly) from any view and only the master is "visible". Granted, the traffic is still being forwarded so that is accessible to scrape AIDs from the intercepted traffic, but you are not interacting with that slave unless you physically connect, go through the master or spoof the master.

If you try to show up in a node which already has that Access ID in it, the node would refuse to allow it because a persona with that access ID already exists.
It's the same thing that prevents Agents from making infinite copies of themselves on the same node.

It makes all the difference if a Node is standalone or slaved... What books have you been reading?

Unfortunately, an AID IS required for communications. You cannot communicate without transmitting an AID. It is just not something that you generally worry about, because your own AID is used when connections are made. Which is why you can be traced. And your dumpshock relation is inaccurate. You leave a log of what actions you take on Dumpshock, and specific information about you is recorded in the log. Among that data is likely the "Access ID" that is provided to Dumpshock that has the details of your account. If you are anonymous, then they likely just get your IP address, or other such information.

Also remember that spoofing is 1 way. You can send Spoofed commands to a node, but you cannot spoof receive information from that node. You can tell the drone to shoot target X, but you can't know if it's going to do it or not, until it does.

Indeed, but not in all situations.



Of course he can Spoof an Un-Slaved node. That is why Slamm-O! went to the trouble of obtaining an AID that was not his. However, when he tries to spoof a Slaved Node, he is directly routed back to the Master Node, because the SLAVE DOES NOT ACCEPT ANY OTHER COMMUNICATIONS. They MUST come from the MASTER NODE. Because the Hacker has been routed back, the Slave does nothing. You must connect from the Master to the Slave. To do so requires a 2-Step Process, as I indicated above.

I have provided said rules twice now. They are in posts above.

Ironically, these are the same rules that I have already posted twice now. There is NO 4th Option listed.

And no they do not. You cannot DIRECTLY SPOOF a Slaved Node. UNLESS You have direct, physical access. In the examples we have been bandying about, there is NO direct physical access.

Very, Very True.

Option 3:
You can Spoof the AccessID of the MASTER NODE, and then spoof commands to the slave.

That's pretty clear cut
If you have the Access ID of the Master Node, you can totally spoof the slave.

Non Slaves:
You send a command to a device or agent, pretending it is from an authorized source. You must have an access ID from which the target accepts commands (usually by making a Matrix Perception test on the authorized source or by tracing its icon). To spoof a target, choose a command (per the Issue Command action, p. 229) and make an Opposed Test between your Hacking + Spoof and the target’s Pilot + Firewall (System + Firewall for peripheral devices); if you succeed, the target accepts the command as legitimate. Each Spoof Command action applies only to a single command; multiple commands require multiple Spoof Command attempts.

But only FROM the Master Node, not from an independant node, because the Slave does not accept any connections except those from the Master Node. You cannot forge a connection except from the master node. Command Connections (The only thing a drone will listen to) need a Subscription. Unfortunately, you cannot forge a Subscription to a Slaved Drone with a Spoof Command. So therefore, you need to use the connection that already exists. The Master Node's connection.

Do you have even the vaguest idea of what spoof does? When you try spoof a slaved node using the master's access ID, the slave will accept them because the instructions look like they are coming from the master. That is THE ENTIRE POINT of spoofing. A device can't tell the difference (without winning the opposed check) from a spoofed command saying it is coming from the master, and an actual command coming from the master. All a command is is a packet of information sent out through the wireless matrix with an access ID attached to it which gives authentication. All a spoofed command is is a packet of information sent out through the wireless matrix with a fake access ID attached to it which gives authentication.

The rules you're posting just say that you have to use the master's access ID as opposed to any other access ID. So, if you have the master's access ID, spoofing a slaved device works exactly like spoofing any other device.


Read again, you cannot hack the slaved node without direct physical access. Spoofing is not hacking.

I'm not seeing the point of slaving then, if you need exactly the same information to spoof a node either way. I guess it would only make it unhackable, and no other benefits.

No you're completely wrong on this one. Because, if you can only spoof FROM the Master Node, then option 2 doesn't make ANYSENSE WHAT SO EVER.

Lets look at each option:

1) Hack Directly to the slave with a +2 TN modifier, requiring a hardwire line.
2) Hack the Master Node
3) Spoof the Access ID of the Master Node and then spoof commands to the slave.

If you've hacked the Master node, you don't need to spoof anything. You're already there.
When you use Spoof with the ACCESSID you're actually pretending you HAVE the subscription. That's how spoof works.

Remember, the subscriptions are 'virtual' they're in a table somewhere, linking access ID with subscription information. When you spoof the correct AccessID it thinks it's comming from the Master Node.
That's what having the AccessID allows you to do.

The benefit is that there is only a single access ID that works, as opposed to a large number. The other benefit is of course the unhackable thing.

Slaving is not "I win the matrix" it is a tactic to delay intrusion. Also, for a large part, you're going to want to hack into something, not simply spoof it, so you'll need to go through all these steps to be able to spoof the slave, then you'll need to use spoofing to break the connection or switch you to being the master. Then you'll need to actually do the stuff (possibly with hacking if you didn't make yourself the master). So yeah, slaving buys time against hackers (Which is often something very important) but it doesn't grant immunity to them.

But how is that different from spoofing any old node? Basically that way slaving has no benefit at all against spoofing, which seems odd.



Which really means nothing to a hacker, because they will have to sniff out an access ID either way. I guess slaving in this case would make it harder to get an access ID out of someone with legwork?

double post

And you continue to go in circles.

Yes, I know exactly what Spoof Does. However, Spoof begins to break down when Slaving is used. Why? Because you cannot forge a link with your damn spoof command against a Slaved Node. You must use the Master Node (and the Master Node's AID) to do so. Yes, You can Hack the Node, and subsequently have complete access to everything; OR you can Spoof the Master Node as a Legitimate User (Acting as them, remotely), and then Sppoof Commands form there uisng the Master's AID. That is exactly what the Slaving rules tell you. Since you are not hacking the Master Node, using the AID for the Spoof Action does not boot you, because you are not putting another persona/agent/program onto the Comlink/Nexus, you are using it as a bouncing point. Once you have spoofed your access, then you spoof the slaved node (Uisng the same AID). Now, the slaved node will take the command and run it.

When a Node is NOT slaved, then any communications with the correct AID will work, because it is accepting such communications (as the Slamm-O! example provided above indicates). Any external communications with the correct AID will cause the Target to react. Unfortunately, if it is slaved, you cannot just connect, becuase your initial try will just shunt you back to the Master Node. You are NOT connecting to the Drone (in this case) node, you are connecting to the Riggers Node (Comlink or Nexus), and a Comlink/Nexus has no Pilot Program to execute the command (in the Drone Example).

Spoofing is useful for some things, and Hacking is generally more useful for all things. Spoofing IS NOT HACKING... In fact, You would likely not even be able to analyze the Master node that you have spoofed to determine any slaved subscriptions, because you cannot run any such programs on the master node with a Spoofed ID, because you are NOT ACTUALLY IN THE NODE. You have to hack it for something like that.

Anyways...

Note that in unwired, a slave node is considered as running under admin. In unwired attempts at spoofing that require admin get -6 dice. So, in the above example, if the drone was slaved, Slamm-O! gets -6 dice to his spoof attempt under Unwired's rules.

Because for example any old node might be setup to accept any number of access Id's.

Lets say you have a Node that controls a mechanical arm on your warehouse management system.
It accepts commands from: the maintenance guys access ID's, the access id's of all the security riggers, the command and control node, the safety manager.

If you slave it to the Command and Control node, then the ONLY way to control it is via the Command and Control node. The Security Riggers would need to connect via the command and control node, and sends their orders from there. The maintenance guys can't do any maintenance on site, etc...

Never said it was... Slaving is a tactic to make the Target more difficult to hack. That is really all it is used for. Slaving has a nice side benefit of also making it a bit more difficult to Spoof.

Ah right. Thanks for pointing that out

You do not need a subscription to the node, for spoofing to work. That's actually the whole point. But spoofing only lets you send 1 way commands. It's of limited use against anything but an agent or a drone.

You do not need to spoof the AID of a user, and send that to the master node. What you do is spoof the AID of the master node, and send that to the slave. It's for once actually fairly clear english.

Apparently anyone at your table must use the Master Node, but (trust me on this one), we don't. Clearly we're not getting through to you either through sabs clear line of reasoning "If you've hacked the Master node, you don't need to spoof anything." or Tiger Eye's example of spoofing.

At this point it's becoming a pointless shouting match, all the way down to the "damn"s.

It makes perfect Sense. SPOOF is a poor Man's Hack, and that is ALL it is.
Yes, If you are Hacking the Master Node, you don't need to spoof. Again, Spoofing is not hacking.
For a Regular Node, you are correct. You pretend the orders ocme from the controller. Unfortunately, against a Slaved Node, You are not pretending that you have a subscription, because you do not have a Subscription. You must use one that is already in place.

AS for your ideas on the Subscription List, It is only Virtual, ON THE LINK IT HAS BEEN CREATED ON, not floating somewhere in the Matrix. It is specific to each Master Device. If you do not have access to that List, well, then you are SOL. You either need to hack the Node to acquire the List (which changes constantly, I presume, as things are added and deleted from the list), or you spoof the Target with the AID of the USER, or for a Slaved Node, You spoof the Master, then Spoof the Slave (with the Correct AID).

This is correct... In the Frst Paragraph, the node is not slaved at all. In the 2nd, it is. What is the Problem here?

The subscription list is on the SLAVE.
it says: AccessID 8763 is my master, I must listen to it.
I spoof directly to it: I am AID 8763, execute shutdown command.

If my spoof roll is good enough, the slave sends back to accessID 8763 okay (but I don't see that) and begins shutdown procedure.

The slave has a list of all nodes that have a subscription to it.
The Master has a list of all nodes IT has a subscription to.

To fool the slave, you only need an AID on the access list. You don't give a damn about the Master.

Which is what I said. They are two different Scenarios.

One is for a Normal (Non-Slaved) Node. Spoofing works great against Non-Slaved Nodes.
Two is for a Slaved Node. You can only spoof the Slaved node from the Master Node, however, as it is the only one with a valid connection, all others will be refused.

That there are some job functions where that's not useful. Where that level of security is TOO MUCH for the job needing to be done. You don't want everyone accessing the Control Arm to have Admin access to the damn thing. You want the maintenance guys to only have access to the maintenance functions, you want the safety shift supervisor only to have access to the emergency stop.

Except you're wrong! On the Internet!
OMG

I'm sorry but Scenario Two is not RAW. That maybe how you play on your table, but it's completely not RAW. And it requires a fundemental misunderstanding of the Slave/Master and Spoof rules to come to the conclusion you have.

I think you confuse Subscriptions with Slaving. All your arguments work for standard Subscriptions that are non-slaved.

There is NO ACCESS LIST for the SLAVE. There is Only 1 Connection that it recognizes.

For standard Nodes, You would be correct. Any member on the Access List could send commands to a non-slaved connection. For a Slaved Connection, YOU ONLY HAVE A SINGLE CONNECTION, and commands are ONLY accepted through that connection. It is a Direct Link. A Slaved node will accept no other links whatsoever, because any attempt at such reroutes them directly back to teh master Node.

Spoofing a Slaved Node is difficult. Spoofing a Non-Slaved Node is cake.

But that is a Security Choice. Many things will likely not be slaved, as it is intensive and requires more effort, even for those intended to use the system. Just becasue it is less useful does not mean that it is of no use. Some things will be Slaved (I ALWAYS Slave my drones, because it is so much more difficult to get into).

I understand your concerns, but that is not how the rules have been written.

What is a subscription? A subscription is Device A having somewhere on it something saying "I have a subscription to device B" and device B having somewhere on it something saying "I have a subscription to device A" and them sending data back and forth to confirm this.

What is an Access ID? An Access ID is something saying that Device A is Device A, and not Device C.

What is a command? A command is a packet of data sent out into the matrix that contains 1) instructions to do something and 2) an Access ID to act as verification that the instruction should be followed.

What is a spoofed command? A spoofed command is a command which has 2) from above artificially altered.

What happens when a device receives a command? It checks the Access ID provided by 2) against the list of Access IDs that it should accept commands from. It then looks at the command and checks that the Access ID provided by 2) has the proper level of authority to perform the command. If this checks out, the device performs the command.

What happens when a device receives a spoofed command? Exactly the same thing as a non-spoofed command, except that the checking of the Access ID provokes an opposed check to see if the device believes the forged Access ID.

What happens when a slaved device receives a command? Exactly the same thing as any other device, with the exception that the list of accepted Access IDs only contains a single possibility, and the additional instructions that if the Access ID doesn't match, it send a warning of some kind to the Access ID that is listed.

What happens when a slaved device receives a spoofed command? Exactly the same thing as a non-spoofed command, except that the checking of the Access ID provokes an opposed check to see if the device believes the forged Access ID.

In no way is it required that the master be involved in spoofing except that its Access ID needs to be found, and indeed the idea of sending a spoofed command from the master is ridiculous, because if you can send a spoofed command from the master, you could send a normal command from the master, which would be accepted. It is also ridiculous because to do that, you would first have to hack into and gain total control of the master, at which point you have total control of all slaves regardless.

Also, to whoever said slaving doesn't provide much advantage against spoofing, you're largely right. But nothing claims that slaving is an improvement against spoofing. Slaving is put forth as a security against hacking, which it is, and it does help somewhat against spoofing due to the decreased accepted Access ID list, and the fact that failure is more directly acted upon.

the slave HAS to have an access list. Otherwise it doesn't know who to send all it's requests to. Or How to send them.

That Single Connection isn't really a single connection. (unless you use a wire, and turn off wireless)
The Slave gets a signal on the wireless, and it says, "are you AID 7843" If the answer is yes, it accepts the input, if it's no it says, "please contact AID 7843, rerouting connection".

So, if I happen to be able to spoof AID 7843, then, when I send my command 'as AID 7843' the slaved node says, "oh.. okay." But when it goes to send a response, that gets sent to AID 7843 as registered on the ad hoc network, which I can't do, unless I have 'permanspoofed' my AID on my commlink. (which causes some issues)

EDIT:
Ninjad by Ghost in a more coherent fashion.

And my point was that, you can't slave everything a s asecurity concern. Somethings do get slaved, but not everything under the sun.

Sorry, I am enjoying the Discussion, and I have been using caps, because it faster than other formatting... Sorry for the "Shouting."
Not everyone likes penetrating a Slaved System. I get that. If you have HACKED something, then the Spoof Command is totally useless (Unless youwere detected, at which point you must spoof everything). I agree with that. But there are others who only want to just Spoof a command or two, and Hacking is not needed for that. Unfortunately, a Slaved node presents certain obstacles that MUST be bypassed. There are only 3 ways to get around them, after all, and they are very explicit. Unfortunately, you need to also understand the nature of subscritptions and slaving in concert, if you want to Spoof through the Master Node. Not saying that you don't, but apparently, you do not like how they interract, and that is quite okay.

Again, Tiger Eye's Example shows that you can indeed spoof a non-slaved node with ease. I never argued that you could not.

I don't see why it's so hard. Slaving requires admin access, so spoofing a slave is at -6; not easy, but not impossible. You can attempt it as long as you're within signal range. There's no 'spoofing *through* the master', only spoofing *as* the master. A subscription is not a prerequisite.

An encrypted link does require a subscription, and it seems like you should easily be able to set up an encrypted slaved link and be done with the whole question.

The slave does not need a list, all it needs is the Master Node's AID to reference. (I guess a list of 1 is still a list, though).
And since the Connection IS a Subscription directly with the Master node, it is as good as hardwired, in any event (Any communications must travel along that specific port, or it will be rerouted). Now, a non-slaved node can accept any other subscription request it likes or receives. Unfortunately, a Slaved node cannot. It will re-direct any such request back to the Master node, which may or may not accept such a request, depending upon its configuration. You cannot force a subscription request onto a Slaved Node.

I agree that not everything is going to be Slaved on a network. That creates an unwieldy system in a lot of respects.